From: Max Speed (maxspeed017 hotmail.com)
Date: Tue Mar 19 2002 - 23:14:27 CST
Author: Maxspeed
Vendor status: they have been informed
Vulnerable versions: ikonboard 3.0.1
                     ikonboard 3.0.2
                     ikonboard 3.0.3 (the version they use on their site)
Severity: Malicious users can steal session cookies,
allowing administrative access to the admin panel
Problem:
OK, the problem is in the way the [img] tags check for
"http://". The [img] tag handling checks for "http://"
when you are posting a new topic, but it doesn't check for
it while you're editing one. So it will allow you to insert
malicious code while you are editing a post.
Proof of concept:
Make a new post, then "EDIT" the post and in the
body of the post insert this code:
[IMG]javascript:alert(document.cookie)[/IMG]
An alert box should pop up displaying your cookies!
Fix:
Make [IMG] tags check for "http://" when editing a
post.
Maxspeed017
yahoo.com
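
Added example, not part of the original post and not Ikonboard's own code: one way to apply the fix described above is to route both the new-post and the edit path through a single renderer that only expands [img] tags whose URL is an absolute http(s) URL. All function names and the in-memory POSTS store are hypothetical, and the sample inputs are constructed.

```python
import html
import re
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
ALLOWED_SCHEMES = {"http", "https"}

def safe_image_url(raw):
    """Return the URL if it is an absolute http(s) URL, else None."""
    url = raw.strip()
    # Browsers ignore tab/CR/LF inside a scheme ("java\tscript:"), so reject
    # any whitespace or control character instead of trying to normalise it.
    if not url or any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return url

def render_body(body):
    """Escape the whole body, then expand only [img] tags that pass the check."""
    def expand(match):
        url = safe_image_url(html.unescape(match.group(1)))
        if url is None:
            return match.group(0)  # rejected tag stays as inert, escaped text
        return '<img src="%s" alt="">' % html.escape(url, quote=True)
    return IMG_TAG.sub(expand, html.escape(body, quote=True))

POSTS = {}  # hypothetical stand-in for the board's post storage

def new_post(post_id, body):
    POSTS[post_id] = render_body(body)
    return POSTS[post_id]

def edit_post(post_id, body):
    # Same renderer as new_post: the edit path has no separate, weaker check.
    POSTS[post_id] = render_body(body)
    return POSTS[post_id]
```

Checking the scheme against an allowlist, rather than searching the string for "http://", also rejects mixed-case and whitespace-split variants of the javascript: scheme.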